Plugin
| Arg | Description | Type |
|---|---|---|
| rules | Yara rules in the yara DSL or after being compiled by the yarac compiler. | string |
| files | The list of files to scan. | list of Any (required) |
| accessor | Accessor (e.g. ntfs,file) | string |
| context | How many bytes to include around each hit | int |
| start | The start offset to scan | uint64 |
| end | End scanning at this offset (100mb) | uint64 |
| number | Stop after this many hits (1). | int64 |
| blocksize | Blocksize for scanning (1mb). | uint64 |
| key | If set use this key to cache the yara rules. | string |
| namespace | The Yara namespece to use. | string |
| vars | The Yara variables to use. | ordereddict.Dict |
Required Permissions: FILESYSTEM_READ
Scan files using yara rules.